Lessons Learned (Or Not): A Refresher in Internal Fraud Controls

It often takes a whopping loss or a shocking string of internal emails exposing egregious lapses in business judgement and alleged fraudulent activity to refocus the financial industry on an age-old problem: inadequate internal fraud controls.

Whether it’s Societe Generale’s $7.2 billion loss at the hands of a rogue trader, or allegations that Wachovia executives knowingly engaged fraudulent telemarketers that, in turn, stole millions of dollars from customer accounts, internal fraud is once again front and center for financial institutions.
Surprised? Don’t be. Crowe Chizek bank fraud specialist E. Michael Thomas says that while studies “show only five percent of employees actively seek opportunities to commit fraud, a whopping 80 percent would do so given the appropriate opportunity and circumstances.”

Thomas, who spent 18 years as a banker with SunTrust before becoming a consultant, says the biggest lapses occur when management loses focus on its responsibility for oversight, concentrating on profit motives rather than on performing fiduciary duties, and when managers become complacent with individuals, especially top performers who are allowed to bend the rules. “Motivation, opportunity and rationalization are necessary components of fraud,” he says. “If you take the largest fraud losses within an organization, an insider will be involved either directly or acting as an accessory.”

So what five steps can financial institutions take to ensure their internal controls are sufficient to detect vulnerabilities and combat fraud?

1. Create a culture built on ethics and integrity, and enforce strong corporate governance. “All the internal controls in the world will not work in an organization that does not have ethical behavior and integrity. It starts with the board of directors, and who they pick as CEO and who he picks to be his executive team,” says Thomas.

2. Monitor the institution’s integrity position, and have the board, the management team and the audit group agree on consequences. “If we catch someone violating policy or procedure, or doing something dishonest, what are we going to do about it?”

3. Practice what you preach: Make fraud awareness and competency training a requirement for all levels of employees.

4. Institute a process for continuous validation and testing. “Inspect what you expect. Validate what you expect,” says Thomas.

5. Hire honest people. Almost every fraud case involves people who have committed fraud before. “One high-risk area in banking: wire transfer, where three or four times a bank’s capital is wired every day. Who are we putting in key positions?” he asks rhetorically.
